6

For example:

<iframe src="http://otherdomainidontcontrol.com/blah.csv"></iframe>

And blah.csv has this header:

Content-Disposition: attachment; filename=blah.csv;

Is it possible to force blah.csv to render in the iframe instead of downloading?

Robert Harvey
  • 178,213
  • 47
  • 333
  • 501
Matt York
  • 15,981
  • 7
  • 47
  • 51
  • Do you mean from the server or on the browser? On the server you'd need to change the disposition to inline and the mime type to something the browser will render (e.g. text/plain). Fetching the content via AJAX should allow you to render it using javascript. – symcbean Aug 13 '12 at 09:26

2 Answers2

10

We've actually been looking into this for our application, since we want the browser to render the file embedded if it is capable of doing so - and if not capable, we want the browser to download the file under an appropriate name.

If you change the Content-Disposition header to be inline instead of attachment, it works in that manner - the browser will render the file if it is able to do so, and if not, the file will be downloaded as whatever you specify in the filename portion of the Content-Disposition header

response.headers['Content-Disposition'] = "inline; filename=name.extension"

However, if as you have said, your blah.csv comes back with that header and you can't intercept it or change that, then I would agree there is no way around it. The "attachment" part specifies that the file be downloaded.

Krista
  • 895
  • 1
  • 6
  • 16
5

I don't think there is a way to bypass Content-Disposition (and this is likely to be good for security reasons).

Julian Reschke
  • 40,156
  • 8
  • 95
  • 98